...
Permissions can be added to control which user groups (and therefore which users) can see displays and nodes in the GUI:
- Explorer.xml, <permission>: explorer tasks (displays), such as the Time Series Dialog or the Grid Display. Tasks will not be visible in the menus or toolbar.
- Topology.xml, <viewPermission>: tasks (nodes) in the Forecast Tree
- GridDisplay.xml, <viewPermission>: displays (nodes) in the Spatial Display
- Filters.xml, <viewPermission>: filters (nodes) in the Data Viewer
- DisplayGroups.xml, <viewPermission>: shortcuts (listed under the Star icon) in the Time Series Display
- webOperatorClient.xml, <viewPermission>: components (displays) in the WebOC
...
You need to configure at least 3 files to set-up permissions:
- Define <userGroup> 's (1 or multiple) in SystemConfigFiles/UserGroups.xml and assign them <user> id's.IDs.
- userGroups can be nested
- Alternatively, you can assign users to userGroups in the Admin Interface: Users#EditUser
- Define <permission> (1 or multiple) Define <permission>'s in SystemConfigFiles/Permissions.xml and assign them <userGroup> id's1 or multiple <userGroup> IDs.
- Include permission configuration in any or all of the above listed configuration files, using the <permission> IDs.
Info | ||
---|---|---|
| ||
Note: if you want to disable permissions in a Stand Alone version (for example in a WaterCoach application), you can simply remove or rename the (e.g. the WaterCoach), simply remove/rename Permissions.xml and UserGroups.xml files. This will result in warnings where you have configured viewPermissions, however . |
Info | ||
---|---|---|
| ||
Note: you can integrate the userGroups and Permissions configuration with Open ID: FEWS Web Services Security with Open ID Connect |
Permissions.xml
When available on the file system, the name of the XML file is Permissions.xml
...
Unique name of the permission
...
userGroup
Id of each usergroup userGroup that is granted the given permission
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
<?xml version="1.0" encoding="UTF-8"?>
<permissions xmlns=".....">
<permission id="AllowDataEditor">
<userGroup id="Hydroloog"/>
<userGroup id="Veldmedewerker"/>
</permission>
<permission id="AllowManualForecast">
<userGroup id="Hydroloog"/>
</permission>
<permission id="AllowLabelEditor">
<userGroup id="Hydroloog"/>
</permission>
<permission id="AllowCommentEditor">
<userGroup id="Hydroloog"/>
<userGroup id="Veldmedewerker"/>
</permission>
<permission id="AllowValueEditor">
<userGroup id="Hydroloog"/>
</permission>
</permissions>
|
With the enabled attribute you can make a permission only available for certain globalProperties.xml/clientConfig.xml (OC/Webservice)
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
<?xml version="1.0" encoding="UTF-8"?>
<permissions xmlns=".....">
<permission id="FEWS_SA" enabled="$PROP_SA$">
<userGroup id="OC_DataEditor"/>
<userGroup id="OC_Forecaster"/>
<userGroup id="OC_SuperUser"/>
<userGroup id="OC_Configurator"/>
</permission
<permissions xmlns=".....">
|
userGroups.xml
When available on the file system, the name of the XML file is Usergroups.xml.
Figure 4 Elements in the Usergroups configuration
userGroup
Base tag for a userGroup configure one for each user group. A userGroup can contain three types of sub-items:
...